Closed stokito closed 2 years ago
login_hint
, like me
, is a suggestion from a client as to who the client expects to be logging in. It is untrusted data that the AS can choose to ignore for any reason.
The vocabulary that IndieAuth uses is based on h-card
which is commonly used in projects that are using IndieAuth.
Thank you for the clarification. That's sad that OIDC didn't inherit vCard/h-Card names.
The me
param makes the spec slightly complicated
To be able to use the same DTOs as for OIDC it would be great to have fields with the same names:
Looks similar to:
But honestly it looks unsafe for me to ask and pass the param. A User must input it only on the AS side.
photo
in IndieAuth looks similar topicture
in OIDC.https://openid.net/specs/openid-connect-core-1_0.html